We recently had a new management company come in for our business - new AD forest, totally new domains, totally new everything. Our old machines were in their own AD forest and domain. From what I've been told by the Senior IT Manager over there, machines don't migrate well from one domain to another if you don't do a certain step in between removing the machine from the old domain and forest and adding it to the new domain and forest.

I can tell since Flash wasn't playing properly with IE 8; the machines that were migrated over are having strange problems with it, but the machines that were built from scratch for the new domain are fine. We did some troubleshooting to try to fix the Flash installs but we don't see any error messages popping up, and they were even doin the installs with the Domain Admin accounts. After a whole bunch of troubleshooting we are thinking the old domain policies may be blocking the installs from "fully" installing.

From my understanding there's a lot of "throwover/leftover" group policies from the original domain that remain even when you remove the machine from the old domain. I'd like to clear out those old policies so that no conflicts occur when we migrate another set of old stations to the new domain.

1 Answer
1

I'm not sure where your information re: group policy settings being "leftover" came from. My experience is the opposite. Administrative template and other group policy settings won't be "leftover" when you disjoin one domain and join another. Changes made using group policy that are persistent (software installed w/o being flagged to uninstall when the GPO falls out of scope of management, changes made w/ startup or logon scripts to the computer or user environment) will "stick", but that's by-design.

I'd be interested to know what this "certain step" is. For a volunteer project I do every summer I take over some computer labs at a local college, disjoin the PCs from their domain, and join the PCs to a domain that I host on a server for my volunteer group. The college uses Group Policy rather heavily, as do I, and we haven't had problems migrating their machines and having group policy apply properly. (We wreck the machines, so the college just re-images them when we're done... heh heh...)

It's strange that you should mention Flash as having problems, because I'm seeing problems with Window XP Pro-based computers being upgraded to WinXP SP3 and IE8 that are having Flash fail to work when a non-Administrator user is logged-on. The Flash ActiveX control was originally installed from an Adobe-provided MSI file, and has recently been upgraded to version 10.0.32.18. I'm still getting to the bottom of that issue (just got reported to me this afternoon), but I'll drop an edit here when I know more. (I'm actually actively working on the issue in another window... >smile<)

I updated some Adobe-thing and it wanted me to update or install its download mangler, which I did. I run my machine with a non-admin user and now anytime a Flash loads in Firefox (I have but don't use IE) I get a popup to install the download mangler with an admin account, which I did at first. I tell the box to go away and my Flash loads.
–
Keith StokesSep 17 '09 at 23:06